
Re: can't access remote shares when using ssh with rsa key - passwd -R / set(e)uid / LogonUser is not working as expected




On Mar  6 13:28, Corinna Vinschen wrote:
> On Mar  6 10:09, Maayan Apelboim wrote:
> > Well, it doesn't work OK unfortunately, but I'm not sure if I missed something in the process, or is it just not working properly.
> > I'm a bit worried to upgrade to 3.0.2 at the moment cause it's a major version and will probably have new bugs that I wouldn't want to find in production.
> > 
> > Assuming we will eventually upgrade to latest version - 
> > My sshd service is running with domain user cyg_server and we log in with domain users via ssh - is it still OK to switch the sshd service's user to local system?
> > Will we still be able to log in with domain users via ssh?
> 
> Yes, that's the idea.  The new method using the official S4U logon
> technique runs under the SYSTEM account.  No need to have a special
> cyg_server account with potentially dangerous privileges anymore.
> 
> > Will it help with my network shares problem?
> 
> No.  Just like the old techniques using an LSA authentication module
> or creating a user token from scratch, S4U login does not create
> tokens with valid network credentials.  For some weird reason only
> Microsoft knows about, you still need a password login for that.

Btw., that's in no way different when using Microsoft's own SSHD.
They use S4U login as well.  That's where I got the idea, in fact.

> The other method, logging in by stored password, as described in
> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd3 still
> works, though.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer
